authorKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2019-09-07 19:44:46 +0300
committerKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2019-09-08 16:01:29 +0300
commit9b3ab579946c694ae99ff63d72fe049bf329d2fb (patch)
tree3214a7618477918f26ff134b429f07632f65d1b1
parent3867f5fa13d8963aac1ef4453685417ec2993bc9 (diff)
downloadawall-1.5-stable.tar.bz2
awall-1.5-stable.tar.xz
fallback: trigger no DNS queriesv1.5.31.5-stable
fixes race condition where an unnecessary DNS query fails after kernel rules have already been flushed
-rwxr-xr-xawall-cli30
1 files changed, 16 insertions, 14 deletions
diff --git a/awall-cli b/awall-cli
index 334bcc9..1749240 100755
--- a/awall-cli
+++ b/awall-cli
@@ -202,6 +202,22 @@ if not call(
end
+ local iptables = require('awall.iptables')
+
+ if mode == 'fallback' then
+
+ for _, sig in ipairs{'HUP', 'INT', 'PIPE'} do
+ signal(posix['SIG'..sig], 'SIG_IGN')
+ end
+
+ posix.sleep(10)
+
+ printmsg('\nTimeout, reverting to the old configuration')
+ iptables.revert()
+ os.exit()
+ end
+
+
local input = policyset:load()
if mode == 'dump' then level = 0 + (arg[opind] or 0) end
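Review bot: In the relocated `mode == 'fallback'` block, `printmsg('\nTimeout, reverting to the old configuration')` still runs before `iptables.revert()`, so the rollback that protects against a lockout depends on a write to a terminal that may already be gone (the block ignores HUP and PIPE, presumably for that case). The definition of `printmsg` is not visible here; if it can raise on a failed write, the revert would be skipped, so calling `iptables.revert()` first and printing afterwards removes that dependency. Separately, the new `os.exit()` takes no argument and therefore reports success whatever the revert did; if `iptables.revert()` can signal failure (not visible in this hunk), pass a non-zero status on that path, e.g. `os.exit(ok and 0 or 1)` after a `pcall(iptables.revert)`. A short comment such as `-- fallback must not load the policy: no DNS lookups once rules are flushed` above the block would keep later edits from moving it back below `policyset:load()`. The enclosing function passed to `call(` starts and ends outside the hunk.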
@@ -284,9 +300,6 @@ if not call(
local dumpfile = outputdir and outputdir..'/dump' or sysdumpfile
- local iptables = require('awall.iptables')
-
-
if mode == 'dump' then dump(level)
elseif mode == 'diff' then
@@ -384,17 +397,6 @@ if not call(
end
- elseif mode == 'fallback' then
-
- for _, sig in ipairs{'HUP', 'INT', 'PIPE'} do
- signal(posix['SIG'..sig], 'SIG_IGN')
- end
-
- posix.sleep(10)
-
- printmsg('\nTimeout, reverting to the old configuration')
- iptables.revert()
-
elseif mode == 'flush' then iptables.flush()
else assert(false) end